Permalink
Browse files

convert-meta-tags: don't allow newlines when converting meta tags.

This change makes ResponseHeaders::MergeContentType reject values
containing unprintable characters.

Fixes #1083

This is Otto's work from #1196
  • Loading branch information...
jeffkaufman committed Dec 17, 2015
1 parent b0ed9e4 commit 08cbf90fd0278de456ad546f5a1a34fa9cb440b6
@@ -67,6 +67,21 @@ TEST_F(MetaTagFilterTest, TestTags) {
<< *values[0];
}

const char kMetaTagDocInvalidAttribute[] =
"<html><head>"
"<meta http-equiv=\"Content-Type\" content=\"text/html;"
" charset=U\r\nTF-8\">"
"</head><body></body></html>";

TEST_F(MetaTagFilterTest, TestRejectInvalidAttribute) {
headers()->RemoveAll(HttpAttributes::kContentType);
ValidateNoChanges("convert_tags_invalid_attribute",
kMetaTagDocInvalidAttribute);
ConstStringStarVector values;
EXPECT_FALSE(headers()->Lookup(HttpAttributes::kContentType, &values));
ASSERT_EQ(0, values.size());
}

const char kMetaTagDoubleDoc[] =
"<html><head>"
"<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">"
@@ -321,6 +321,12 @@ bool ResponseHeaders::CombineContentTypes(const StringPiece& orig,
}

bool ResponseHeaders::MergeContentType(const StringPiece& content_type) {
for (size_t i = 0; i < content_type.size(); i++) {
if (!IsNonControlAscii(content_type[i])) {
return false;
}
}

bool ret = false;
ConstStringStarVector old_values;
Lookup(HttpAttributes::kContentType, &old_values);
@@ -75,6 +75,8 @@ class ResponseHeaders : public Headers<HttpResponseHeaders> {

// Merge the new content_type with what is already in the headers.
// Returns true if the existing content-type header was changed.
// If the new content_type contains non-printable characters, the
// change will be rejected silently (and false will be returned).
bool MergeContentType(const StringPiece& content_type);

// Merge headers. Replaces all headers specified both here and in

0 comments on commit 08cbf90

Please sign in to comment.